Use eval instead of JSON.parse

JamesOsgood / mongodb-grafana

MongoDB plugin for Grafana

MIT License

464 stars 213 forks source link

Use eval instead of JSON.parse #68

Open arthurdarcet opened 5 years ago

arthurdarcet commented 5 years ago

This handles:

trailing commas on the last line of array/objects
no need to use quotes around object keys
makes it possible to use "new Date()" in a query to have it return the current time

spatecon commented 1 year ago

Using eval on server side for this type of logic is overkill. It can lead to exploits, allowing not only the use of new Date(), but also file I/O and SSRF.

Here's an example.